What are the Penalties When Pharmacies Violate HIPAA Rules?

Whether your business is large or small, if you’re engaged in the healthcare industry, HIPAA compliance is a must. Any failure to protect the confidentiality, integrity and availability of PHI can result in undesirable consequences. Several pharmacies have already received penalties over the past few years because of HIPAA violations. Penalties for HIPAA violations do not only mean paying fines. Violating the regulations can also cause serious damage to the reputation of the pharmacy.

The Department of Health and Human Services’ Office for Civil Rights (OCR) increased its efforts in enforcing HIPAA Rules in the past two years. This resulted in a rise in the number of fines and settlements over HIPAA violations received by OCR. The HHS’ Office for Civil Rights has issued fines to violating covered entities of up to $1.5 million per violation category per year.

State attorneys general also took more action over privacy breaches in recent years. There were more financial settlements received from covered entities that exposed or impermissibly disclosed PHI. Fines up to $250,000 may be issued by state attorneys general when the same violations are repeated in one year.

Some of the high-profile violations involving pharmacies in the past are listed below:

CVS Pharmacy settled with OCR over HIPAA violations for $2.25 million in 2009. The violation involved the improper disposal of prescription bottles and receipts.

Walgreens paid a fine amounting to $1.4 million in 2014 because of impermissible disclosure of PHI. A pharmacist was discovered to have shared the PHI of a patient with her husband and three other persons.

Cornell Pharmacy, which is located in Denver, paid a $125,000 fine in 2015 for the improper disposal of PHI.